TY - GEN
T1 - Two vulnerabilities in Android OS kernel
AU - Hei, Xiali
AU - Du, Xiaojiang
AU - Lin, Shan
PY - 2013
Y1 - 2013
N2 - Android Honeycomb operating system is widely used for tablet devices, such as Samsung Galaxy Tab. The Android system programs are usually efficient and secure in memory management. However, there has been a few security issues reported that show Android's insufficient protection to the kernel. In this work, we reveal a new security pitfall in memory management that can cause severe errors and even system failures. Existing security software for android do not detect this pitfall, due to the private implementation of Android kernel. We then discuss two vulnerabilities introduced by this pitfall: 1) malicious programs can escalate the root-level privilege of a process, through which it can disable the security software, implant malicious codes and install rootkits in the kernel; 2) deny of service attacks can be launched. Experiments have been conducted to verify these two vulnerabilities on Samsung Galaxy Tab 10.1 with Tegra 2 CPU. To protect systems from these vulnerabilities, we proposed a patching solution, which has been adopted by Google.
AB - Android Honeycomb operating system is widely used for tablet devices, such as Samsung Galaxy Tab. The Android system programs are usually efficient and secure in memory management. However, there has been a few security issues reported that show Android's insufficient protection to the kernel. In this work, we reveal a new security pitfall in memory management that can cause severe errors and even system failures. Existing security software for android do not detect this pitfall, due to the private implementation of Android kernel. We then discuss two vulnerabilities introduced by this pitfall: 1) malicious programs can escalate the root-level privilege of a process, through which it can disable the security software, implant malicious codes and install rootkits in the kernel; 2) deny of service attacks can be launched. Experiments have been conducted to verify these two vulnerabilities on Samsung Galaxy Tab 10.1 with Tegra 2 CPU. To protect systems from these vulnerabilities, we proposed a patching solution, which has been adopted by Google.
KW - Android Honeycomb OS
KW - DoS
KW - Kernel privileges elevating
KW - Nvidia Tegra
UR - http://www.scopus.com/inward/record.url?scp=84891359107&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84891359107&partnerID=8YFLogxK
U2 - 10.1109/ICC.2013.6655583
DO - 10.1109/ICC.2013.6655583
M3 - Conference contribution
AN - SCOPUS:84891359107
SN - 9781467331227
T3 - IEEE International Conference on Communications
SP - 6123
EP - 6127
BT - 2013 IEEE International Conference on Communications, ICC 2013
T2 - 2013 IEEE International Conference on Communications, ICC 2013
Y2 - 9 June 2013 through 13 June 2013
ER -